M. Bugliesi, Stefano Calzavara, F. Eigner, Matteo Maffei
Venue: 2011 IEEE 24th Computer Security Foundations Symposium
Publication date: 2011-06-27
DOI: 10.1109/CSF.2011.13 (https://doi.org/10.1109/CSF.2011.13)
Resource-Aware Authorization Policies for Statically Typed Cryptographic Protocols
Type systems for authorization are a popular device for the specification and verification of security properties in cryptographic applications. Though promising, existing frameworks exhibit limited expressive power, as the underlying specification languages fail to account for powerful notions of authorization based on access counts, usage bounds, and mechanisms of resource consumption, which instead characterize most of the modern online services and applications. We present a new type system that features a novel combination of affine logic, refinement types, and types for cryptography, to support the verification of resource-aware security policies. The type system allows us to analyze a number of cryptographic protocol patterns and security properties, which are out of reach for existing verification frameworks based on static analysis.